
Cisco Products Remote Code Execution Vulnerability

Last Update Date: 14 Jul 2014
Release Date: 11 Jul 2014

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability has been identified in the Apache Struts 2 component of multiple Cisco products.

The vulnerability is due to insufficient sanitization of user-supplied input in the XWorks component of the affected software. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker who sends crafted requests that contain OGNL expressions to an affected system could execute arbitrary code.
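A defensive check for the parsing behaviour described above, as an added example that is not part of the original advisory or of Cisco's or Apache's code: it scans web access log lines and reports query parameter names that are not plain property paths, since those are the names an OGNL-evaluating parameter handler could treat as expressions. The allowlist pattern, the metacharacter set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed allowlist (not the pattern Struts ships): identifiers joined by
# dots, with optional numeric indexes, e.g. "user.address[0].city".
SAFE_NAME = re.compile(r"[A-Za-z_]\w*(?:\[\d+\])*(?:\.[A-Za-z_]\w*(?:\[\d+\])*)*")
# Characters that carry meaning in OGNL expressions beyond plain property paths.
OGNL_META = set("#@(){}='\"\\,+*!%")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')


def check_name(name):
    """Return None if the parameter name is a plain property path, else a reason."""
    if SAFE_NAME.fullmatch(name):
        return None
    meta = sorted(OGNL_META.intersection(name))
    if meta:
        return "OGNL metacharacters: " + " ".join(meta)
    return "not a plain property path"


def scan_line(line):
    """Return [(param_name, reason)] for every rejected query parameter name."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    findings = []
    # parse_qsl percent-decodes names, so encoded metacharacters are caught too.
    for name, _value in parse_qsl(query, keep_blank_values=True):
        reason = check_name(name)
        if reason:
            findings.append((name, reason))
    return findings


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jul/2014:10:00:01 +0000] "GET /app/edit.action?user.name=bob&items[0].qty=2 HTTP/1.1" 200 512',
    '192.0.2.77 - - [11/Jul/2014:10:00:05 +0000] "GET /app/edit.action?%23ctx.flag=1&page=2 HTTP/1.1" 200 512',
    '192.0.2.77 - - [11/Jul/2014:10:00:09 +0000] "GET /app/edit.action?name(1)=x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, reason in scan_line(line):
            print(f"{line.split()[0]}  {name!r}: {reason}")
```

Access logs record only the query string, so parameter names sent in POST bodies need the same check applied at a proxy or application filter.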


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Cisco Business Edition 3000 Series
  • Cisco Identity Services Engine (ISE)
  • Cisco Media Experience Engine (MXE) 3500 Series
  • Cisco Unified Contact Center Enterprise (Cisco Unified CCE)


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Apply software updates from the vendor or contact the maintenance providers.

Vulnerability Identifier


Source


Related Link